AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
jarin@chromium.org	dd4c82bbb3	Fix Heap::IsHeapIterable. We only consider heap iterable if the new space is empty (in addition to the exisiting old space check). The change also moves the iterability forcing + allocation prevention gadgets to HeapIterator so that it is impossible to miss them when iterating the heap. R=hpayer@chromium.org BUG=373283 LOG=N Review URL: https://codereview.chromium.org/285693006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21387 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-20 13:19:21 +00:00
yangguo@chromium.org	cf49b6e3ca	Reland "Simplify debugger state." R=ulan@chromium.org Review URL: https://codereview.chromium.org/299653002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21378 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-20 08:52:42 +00:00
dcarney@chromium.org	1b70812e7d	filter out .caller from other worlds R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/261103002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-19 13:45:45 +00:00
wingo@igalia.com	6382a25fa7	Poison .arguments and .caller for generator functions R=rossberg@chromium.org BUG= Review URL: https://codereview.chromium.org/270133003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-19 10:47:00 +00:00
adamk@chromium.org	35b8b0b27a	Move microtask queueing logic from JavaScript to C++ This avoids the appearence of a leak due to storing a JSObject as the microtask_state in the strong root list, and allows callers to call Isolate::RunMicrotasks() without having any v8::Context available (as at least Blink has interest in doing). The queue is now a strong root, represented as a FixedArray of JSFunctions (or empty_fixed_array, if it's empty); it doubles in size when it needs to grow. The number of elements in the queue is stored in Isolate::pending_microtask_count(). LOG=Y R=dcarney@chromium.org Review URL: https://codereview.chromium.org/290633010 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21356 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-19 07:57:04 +00:00
svenpanne@chromium.org	7ac5dfbd3e	Revert "Simplify debugger state." This reverts r21346, it broke the layout tests. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/292713002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21351 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-19 07:06:44 +00:00
yangguo@chromium.org	2d1a75d608	Simplify debugger state. R=ulan@chromium.org Review URL: https://codereview.chromium.org/287873005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-16 14:58:03 +00:00
rossberg@chromium.org	417610e24a	Stage ES6 symbols R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/286133002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-16 14:42:02 +00:00
jkummerow@chromium.org	48c39e57b2	Expand C++ macros in tools/generate-runtime-tests.py to increase coverage R=dslomov@chromium.org Review URL: https://codereview.chromium.org/290513002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-16 13:16:08 +00:00
yangguo@chromium.org	75a7a3157f	Use %DebugGetProperty in debug mirror to check for Promise. R=aandrey@chromium.org, amikhaylova@google.com Review URL: https://codereview.chromium.org/283373003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21339 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-16 13:06:20 +00:00
rossberg@chromium.org	98849dd1ce	Drop thenable coercion cache R=dslomov@chromium.org BUG=372788 LOG=Y Review URL: https://codereview.chromium.org/281753004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-14 10:44:34 +00:00
jkummerow@chromium.org	f5631f7378	Avoid name clashes of builtins and runtime functions. This makes it possible to use %Percent() notation to call any given builtin or runtime function in tests. R=dslomov@chromium.org Review URL: https://codereview.chromium.org/280243002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-14 08:51:10 +00:00
jarin@chromium.org	2b4bfce298	Prevent interference of allocation sites with array-natives-elements test. This should make the arm64 build green again. R=mvstanton@chromium.org BUG= Review URL: https://codereview.chromium.org/285663005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21288 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-13 10:31:53 +00:00
yangguo@chromium.org	df296a2be0	Revert "Read internal properties [[PromiseStatus]] and [[PromiseValue]] of the promise." This reverts r21266. TBR=danno@chromium.org Review URL: https://codereview.chromium.org/273423008 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21269 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-12 13:38:39 +00:00
yangguo@chromium.org	b785aeda44	Read internal properties [[PromiseStatus]] and [[PromiseValue]] of the promise. BUG=v8:3093 LOG=N R=aandrey@chromium.org, yangguo@chromium.org Review URL: https://codereview.chromium.org/273653007 Patch from Alexandra Mikhaylova <amikhaylova@google.com>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-12 12:42:35 +00:00
jarin@chromium.org	c3cd2f0301	Fix %SetFlags("--stress-compaction") BUG=369943 LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/261253006 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21260 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-12 10:39:08 +00:00
jkummerow@chromium.org	e7a34f3fd9	Harden runtime functions (part 6). Also blacklist LiveEdit-related functions from generated runtime tests. R=jarin@chromium.org Review URL: https://codereview.chromium.org/279593004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-12 09:37:26 +00:00
adamk@chromium.org	92b895a761	Harden %SetIsObserved with RUNTIME_ASSERTs Now throws if its argument is already observed, or if the argument is the global proxy. BUG=371782 LOG=Y R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/274163002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-12 08:49:51 +00:00
jarin@chromium.org	cbf8c3f460	Make escape analysis preserve all representations required by HCompareNumericAndBranch. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/257803012 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-12 08:43:18 +00:00
adamk@chromium.org	fb70df076b	Object.observe: avoid accessing acceptList properties more than once BUG=v8:3315 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/270763003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 18:22:28 +00:00
verwaest@chromium.org	03905e4753	Directly create API functions with readonly prototypes rather than converting. Remove FunctionSetReadOnlyPrototype. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/274463003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21243 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 17:59:15 +00:00
verwaest@chromium.org	8db908784e	Array Iterator prototype should not have a constructor. BUG=v8:3293 LOG=Y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/258793005 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21234 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 16:37:04 +00:00
ishell@chromium.org	99f2e4d5ac	Fix typos in unit test for Array.prototype.fill() BUG= LOG=y R=ishell@chromium.org Review URL: https://codereview.chromium.org/277953002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 16:11:50 +00:00
yangguo@chromium.org	bd93673f40	Shorten autogenerated error message for functions only. R=yangguo@chromium.org, Yang, rossberg@chromium.org BUG=v8:3019, chromium:331971 LOG=Y Review URL: https://codereview.chromium.org/271733005 Patch from Andrey Adaykin <aandrey@chromium.org>. git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 13:14:09 +00:00
jarin@chromium.org	3976ebef93	Make new space iterable for --log-gc and --heap-stats options R=hpayer@chromium.org BUG=370827 TEST=test/mjsunit/regress/regress-370827.js LOG=N Review URL: https://codereview.chromium.org/272503005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21209 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 09:23:10 +00:00
hpayer@chromium.org	de21c8a245	Simplify ConfigureHeap and change --max_new_space_size to --max_semi_space_size. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/271843005 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21204 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 08:38:27 +00:00
bmeurer@chromium.org	7c45d49861	Improve Array.shift() performance for small arrays. TEST=mjsunit/array-shift,mjsunit/array-shift2,mjsunit/array-shift3 R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/279743002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-09 08:28:25 +00:00
jkummerow@chromium.org	bf490ae0bd	Skip generated runtime tests that require i18nsupport as needed R=ishell@chromium.org Review URL: https://codereview.chromium.org/267343003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-08 14:34:37 +00:00
jkummerow@chromium.org	9866670c26	Add test case generator for runtime functions R=dslomov@chromium.org, machenbach@chromium.org Review URL: https://codereview.chromium.org/250923002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21199 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-08 13:11:59 +00:00
ulan@chromium.org	8999a006be	Fix index register assignment in LoadFieldByIndex for arm, arm64, and mips. This instruciton clobbers the index register. BUG=368243 LOG=N TEST=mjsunit/regress/regress-368243 R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/269273003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-08 08:51:51 +00:00
jkummerow@chromium.org	e1bbd26794	Refactor mjsunit/fuzz-natives-* into a separate test suite. R=machenbach@chromium.org Review URL: https://codereview.chromium.org/252143002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-07 12:31:26 +00:00
rossberg@chromium.org	5c9ad091e9	Revert "Prevent liveedit on or under generators with open activations" Seems to crash some tests on buildbots. TBR=ishell@chromium.org CC=wingo@igalia.com,yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/273433002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21178 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-06 16:02:18 +00:00
wingo@igalia.com	ab96529a4a	Prevent liveedit on or under generators with open activations R=yangguo@chromium.org LOG=N TEST=mjsunit/harmony/generators-debug-liveedit.js BUG= Review URL: https://codereview.chromium.org/266983004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-06 14:57:52 +00:00
rossberg@chromium.org	ae0a36ee32	Re^3-land "Ship promises and weak collections" R=jochen@chromium.org BUG= Review URL: https://codereview.chromium.org/266243003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-06 14:48:34 +00:00
ishell@chromium.org	9be0c4d378	Fixed jump in non-SSE4.1 implementation of LMathFloor instruction on x64. BUG=chromium:370384 LOG=N R=ulan@chromium.org Review URL: https://codereview.chromium.org/261853009 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-06 14:20:46 +00:00
ulan@chromium.org	a872ffdabc	Do not call setters of read-only accessors. BUG= TEST=mjsunit/readonly-accessor R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/271433002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-06 08:34:48 +00:00
hpayer@chromium.org	dde49c9dc3	Set max new space size in tests to proper MB value. Revert "Limit old space size in test which require a large new space." This reverts commit r21103. Revert "Remove max space limits in tests." This reverts commit r21104. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/263103006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-05 16:48:33 +00:00
wingo@igalia.com	275bfa1b61	Relocate suspended generator activations when enabling debug mode R=yangguo@chromium.org BUG=v8:3289 LOG=N Review URL: https://codereview.chromium.org/264973014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21145 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-05 14:31:51 +00:00
jochen@chromium.org	8554da5c68	Revert r21141. Relocate suspended generator activations when enabling debug mode BUG=v8:3289 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/262193003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21142 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-05 13:28:21 +00:00
wingo@igalia.com	9a9943b564	Relocate suspended generator activations when enabling debug mode R=yangguo@chromium.org BUG=v8:3289 LOG=N Review URL: https://codereview.chromium.org/260423002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21141 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-05 12:57:14 +00:00
adamk@chromium.org	5ea893074c	Fix ObjectNotifierPerformChange leak after r21126 Due to overlapping names of natives and runtime functions, the wrong context was used for Notifier.prototype.performChange. The leak test has been augmented to properly cover the leaky case, and the test now passes. Also tightened up type checks in runtime.cc and removed Object.observe functions from knownIssues in fuzz-natives-part2.js. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/264793015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-02 21:29:15 +00:00
rafaelw@chromium.org	72a090f3ee	Build cleanup following r21126. Marking Native* methods in object-observe.js as knownProblems in fuzz-natives TBR=verwaest Review URL: https://codereview.chromium.org/265883009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21127 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-02 17:31:27 +00:00
rafaelw@chromium.org	1b270ef5ea	Re-enable Object.observe and add enforcement for security invariants. This patch reverts r21062 which disabled Object.observe and the relevant tests. It also adds enforcement for the following three invariants: 1) No observer may receive a change record describing changes to an object which is in different security origin (context have differing security tokens) 2) No observer may receive a change record whose context's security token is different from that of the object described by the change. 3) Object.getNotifier will return null if the caller and the provided object are in differing security origins Further, it ensures that the global object can never be observed nor a notifier retrieved for it. Tests are included. R=verwaest@chromium.org, rossberg LOG=Y Review URL: https://codereview.chromium.org/265503002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21122 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-02 13:55:11 +00:00
ishell@chromium.org	b4c1eda032	Checks for empty array case added before casting elements to FixedDoubleArray. BUG=chromium:369450 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/264973008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-02 11:30:24 +00:00
svenpanne@chromium.org	7bfc426fc9	Object.defineProperty shouldn't be a hint that we're constructing a dictionary. BUG=362870 LOG=y R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/261583004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-05-02 06:02:00 +00:00
hpayer@chromium.org	56d0b9757e	Remove max space limits in tests. BUG= Review URL: https://codereview.chromium.org/263703003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21104 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 19:32:47 +00:00
hpayer@chromium.org	3dd05f8fc7	Limit old space size in test which require a large new space. BUG= Review URL: https://codereview.chromium.org/265673003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21103 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 18:57:25 +00:00
yangguo@chromium.org	7e367ae0ed	Reland "Trigger exception debug event for promises at the throw site." R=rossberg@chromium.org Review URL: https://codereview.chromium.org/266533003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21097 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 15:17:51 +00:00
yangguo@chromium.org	792af58115	Revert "Trigger exception debug event for promises at the throw site." This reverts r21092. R=ishell@chromium.org Review URL: https://codereview.chromium.org/262533009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 14:51:41 +00:00
mvstanton@chromium.org	287f65aec9	CallICStub with a "never patch" approach by default. Patching will occur only when custom feedback needs to be gathered (future CLs). Now rebased on https://codereview.chromium.org/254623002/, which moves the type feedback vector to the SharedFunctionInfo. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/247373002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 14:33:35 +00:00
yangguo@chromium.org	eed0e7e7a3	Trigger exception debug event for promises at the throw site. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/260723002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21092 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 14:17:40 +00:00
alexandre.rames@arm.com	67ea9e4b42	ARM64: Generate optimized code for Math.floor and Math.round with double outputs. R=jkummerow@chromium.org, ulan@chromium.org Review URL: https://codereview.chromium.org/258793002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 13:38:00 +00:00
mvstanton@chromium.org	5e2ee2bac2	A new test needs to exit early on non-internationalization builds. R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/265513003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 09:04:17 +00:00
mstarzinger@chromium.org	129c58c47d	Fix some more missing ToObject on Array.prototype. R=mvstanton@chromium.org BUG= Review URL: https://codereview.chromium.org/254103002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21077 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 08:52:00 +00:00
dslomov@chromium.org	ace15fa612	ES6: Add support for Array.prototype.fill() BUG=v8:3273 LOG=Y R=dslomov@chromium.org Review URL: https://codereview.chromium.org/240873002 Patch from Adrian Perez <aperez@igalia.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 08:28:29 +00:00
mvstanton@chromium.org	0c3e70a3b6	Bugfix: internationalization routines fail on monkeypatching. Calls to Object.defineProperty() and Object.apply() are not safe. R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/253903003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-30 07:36:12 +00:00
danno@chromium.org	55fbf13ec1	disable Object.observe R=danno@chromium.org, danno BUG= Review URL: https://codereview.chromium.org/252063003 Patch from Rafael Weinstein <rafaelw@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21062 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-29 15:11:57 +00:00
rossberg@chromium.org	cf3a3a8844	Revert "PromiseThen should ignore non-function parameters." Wrong Blink test expectations, need to fix later. TBR=machenbach@chromium.org BUG= Review URL: https://codereview.chromium.org/251813004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-28 15:57:25 +00:00
rossberg@chromium.org	f40feecb4d	PromiseThen should ignore non-function parameters. When non-function parameters are given, PromiseThen should work as if undefined parameters were given. BUG=347455 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/180723011 Patch from Yutaka Hirano <yhirano@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-28 15:19:15 +00:00
yangguo@chromium.org	1a9649ae13	Error stack getter should not overwrite itself with a data property. R=ulan@chromium.org BUG=v8:3294 LOG=Y Review URL: https://codereview.chromium.org/258933007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-28 12:14:36 +00:00
yangguo@chromium.org	da0ca2afc2	Expose promise value through promise mirror. R=rossberg@chromium.org, yurys@chromium.org BUG=v8:3093 LOG=Y Review URL: https://codereview.chromium.org/258823012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21003 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-28 08:33:23 +00:00
yangguo@chromium.org	81a101678f	Expose promise status through promise mirror. R=aandrey@chromium.org, rossberg@chromium.org, yurys@chromium.org BUG=v8:3093 LOG=Y Review URL: https://codereview.chromium.org/257803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-25 14:01:01 +00:00
jarin@chromium.org	ff884e06ae	Fix materialization of accessor frames with captured receivers I have fixed skipping of the receiver object to materialize captured objects. This is done with a new DoTranslateSkip method. We should consider unifying DoTranslateSkip, DoTranslateObject and DoTranslateCommand as they do the almost the same thing - they only differ in where they store the result. The change also turns bunch of ASSERTs into CHECKs. R=mstarzinger@chromium.org BUG=359441 TEST=test/mjsunit/regress/regress-359441.js LOG=N Review URL: https://codereview.chromium.org/225283006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-25 12:58:15 +00:00
jarin@chromium.org	d557425a0c	Preserve Smi representation of non-escaping fields. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/251493004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-25 11:29:02 +00:00
verwaest@chromium.org	d2179f2062	Don't adopt the AST id from previous if id is none, since previous may have mismatching expected stack height. Additionally, harden merging of simulates after instructions with side effects and ensure there's a simulate before HEnterInlined. R=jarin@chromium.org Review URL: https://codereview.chromium.org/252583004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-25 09:52:11 +00:00
hpayer@chromium.org	20107bf2d8	Remove lazy sweeping. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/254603002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-25 09:50:42 +00:00
wingo@igalia.com	df07a82771	Add tests for generator/debugger interaction R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/247003004 Review URL: https://codereview.chromium.org/256733004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-25 09:35:41 +00:00
yangguo@chromium.org	28f5cf398e	Trigger debug event on not yet caught exception in promises. R=aandrey@chromium.org, rossberg@chromium.org, yurys@chromium.org BUG=v8:3093 LOG=Y Review URL: https://codereview.chromium.org/249503002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20956 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-25 07:03:05 +00:00
verwaest@chromium.org	a55821eef2	Mark the simulate before EnterInlined with BailoutId::None(), and set ReturnId on EnterInlined. When merging simulates into the simulate before enter-inlined, adopt the last AST id that gets merged into it. BUG=v8:3282 LOG=n R=titzer@chromium.org Review URL: https://codereview.chromium.org/257583004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-24 15:20:53 +00:00
ulan@chromium.org	72358c7fed	Convert function.length to API-style accessor. TEST=mjsunit/function-length-accessor R=yangguo@chromium.org Review URL: https://codereview.chromium.org/257423009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20937 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-24 11:24:13 +00:00
bmeurer@chromium.org	f95b815d5b	Revert "Add tests for generator/debugger interaction" This reverts commit r20921 for breaking the ARM/ARM64 bots. TBR=wingo@igalia.com Review URL: https://codereview.chromium.org/255563003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-24 08:26:16 +00:00
bmeurer@chromium.org	052f9e9b6d	Make DescriptorArray::IsMoreGeneralThan() and DescriptorArray::Merge() compatible again. BUG=365172 LOG=y TEST=mjsunit/regress/regress-365172-[1-3] R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/255513005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-24 08:07:14 +00:00
wingo@igalia.com	9d5d1764f9	Add tests for generator/debugger interaction R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/247003004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20921 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-24 07:24:38 +00:00
jarin@chromium.org	8c57b45042	Fix C++ type of Factory::NewFixedDoubleArray. The change fixes the C++ type of Factory::NewFixedDoubleArray to reflect the empty array case, where we return an empty FixedArray (rather than FixedDoubleArray). R=mvstanton@chromium.org BUG= Review URL: https://codereview.chromium.org/249593002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-24 05:29:00 +00:00
wingo@igalia.com	2194f3f858	Move bug 3280 regression test to mjsunit/harmony R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/248483004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-23 15:01:30 +00:00
jarin@chromium.org	cd3b9b8950	Fix the Array.push simulate for non-effect context. R=danno@google.com, danno@chromium.org BUG= Review URL: https://codereview.chromium.org/246543007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20912 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-23 14:26:53 +00:00
danno@chromium.org	2aa8941ad4	Fix deoptimization problem with inlined Array.push() R=jarin@chromium.org LOG=N Review URL: https://codereview.chromium.org/247573008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20911 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-23 13:20:28 +00:00
mstarzinger@chromium.org	66ec299808	Fix ToObject and Object.isSealed in four Array builtins. R=mvstanton@chromium.org TEST=mjsunit/regress/regress-builtinbust-6 Review URL: https://codereview.chromium.org/240223006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-23 12:48:32 +00:00
jarin@chromium.org	783eb25a8c	Avoid setting transitions in-place for cached maps when observed R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/246523004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20900 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-23 09:21:24 +00:00
wingo@igalia.com	e12ae547cf	Avoid exposing compiler-allocated temporaries to the debugger R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/245963006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20899 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-23 08:58:41 +00:00
adamk@chromium.org	71750f7be8	Fix issue with Map/SetIterator and types BUG=v8:3281 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/246993003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20893 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-22 18:14:46 +00:00
danno@chromium.org	b4fa81dbca	Insert HSimulate immediately after Crankshaft-inlined push. R=jarin@chromium.org LOG=N Review URL: https://codereview.chromium.org/247383002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20889 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-22 12:55:40 +00:00
wingo@igalia.com	a2ac40aca7	Context-allocate all parameters in generators Generator function scopes have forced context allocation. Ensure that all variables in such scopes get context allocation -- even unused variables. This fixes an assertion when reifying generator scopes in the debugger. R=yangguo@chromium.org LOG=Y BUG=v8:3280 Review URL: https://codereview.chromium.org/246733003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20883 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-22 11:34:16 +00:00
adamk@chromium.org	3308cb5857	ES6: Add support for Map/Set forEach This implements MapIterator and SetIterator which matches the same constructs in the ES6 spec. However, these 2 iterators are not exposed to user code yet. They are only used internally to implement Map.prototype.forEach and Set.prototype.forEach. Each iterator has a reference to the OrderedHashTable where it directly accesses the hash table's entries. The OrderedHashTable has a reference to the newest iterator and each iterator has a reference to the next and previous iterator, effectively creating a double linked list. When the OrderedHashTable is mutated (or replaced) all the iterators are updated. When the iterator iterates passed the end of the data table it closes itself. Closed iterators no longer have a reference to the OrderedHashTable and they are removed from the double linked list. In the case of Map/Set forEach, we manually call Close on the iterator in case an exception was thrown so that the iterator never reached the end. At this point the OrderedHashTable keeps all the non finished iterators alive but since the only thing we currently expose is forEach there are no unfinished iterators outside a forEach call. Once we expose the iterators to user code we will need to make the references from the OrderedHashTable to the iterators weak and have some mechanism to close an iterator when it is garbage collected. BUG=1793, 2323 LOG=Y R=adamk@chromium.org TBR=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/238063009 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20857 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-17 17:45:32 +00:00
danno@chromium.org	59b3dc5812	Remove hand-written assembly ArrayPush stubs R=mstarzinger@chromium.org, verwaest@chromium.org Review URL: https://codereview.chromium.org/233293005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-17 11:37:59 +00:00
adamk@chromium.org	91618cf1e9	Revert "ES6: Add support for Map/Set forEach" This reverts https://code.google.com/p/v8/source/detail?r=20823 It broke Windows builds. Will need to find a Windows try bot to figure out why. TBR=mstarzinger@chromium.org,arv@chromium.org Review URL: https://codereview.chromium.org/238973011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-16 21:19:25 +00:00
adamk@chromium.org	7c300d1f83	ES6: Add support for Map/Set forEach This implements MapIterator and SetIterator which matches the same constructs in the ES6 spec. However, these 2 iterators are not exposed to user code yet. They are only used internally to implement Map.prototype.forEach and Set.prototype.forEach. Each iterator has a reference to the OrderedHashTable where it directly accesses the hash table's entries. The OrderedHashTable has a reference to the newest iterator and each iterator has a reference to the next and previous iterator, effectively creating a double linked list. When the OrderedHashTable is mutated (or replaced) all the iterators are updated. When the iterator iterates passed the end of the data table it closes itself. Closed iterators no longer have a reference to the OrderedHashTable and they are removed from the double linked list. In the case of Map/Set forEach, we manually call Close on the iterator in case an exception was thrown so that the iterator never reached the end. At this point the OrderedHashTable keeps all the non finished iterators alive but since the only thing we currently expose is forEach there are no unfinished iterators outside a forEach call. Once we expose the iterators to user code we will need to make the references from the OrderedHashTable to the iterators weak and have some mechanism to close an iterator when it is garbage collected. BUG=1793,2323 LOG=Y TBR=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/240323003 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-16 21:12:27 +00:00
bmeurer@chromium.org	42c67d5fa2	Allow merging of monomorphic accesses to tracked fields. Also add stability dependency only on maps that can transition, and delay adding the dependencies until we are actually using them, either in a HLoadNamedField or an HCheckMaps. TEST=mjsunit/field-type-tracking R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/239923004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-16 11:41:09 +00:00
bmeurer@chromium.org	63a477b29b	Clear invalid field maps in PropertyAccessInfo. BUG=363956 TEST=mjsunit/regress/regress-363956 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/239623005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-16 09:48:32 +00:00
adamk@chromium.org	a44e10cad6	Revert "ES6: Add support for Map/Set forEach" This reverts commit https://code.google.com/p/v8/source/detail?r=20781. It broke the Win32 builders. TBR=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/239163012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-16 01:03:56 +00:00
adamk@chromium.org	a1af5a2a2f	ES6: Add support for Map/Set forEach This implements MapIterator and SetIterator which matches the same constructs in the ES6 spec. However, these 2 iterators are not exposed to user code yet. They are only used internally to implement Map.prototype.forEach and Set.prototype.forEach. Each iterator has a reference to the OrderedHashTable where it directly accesses the hash table's entries. The OrderedHashTable has a reference to the newest iterator and each iterator has a reference to the next and previous iterator, effectively creating a double linked list. When the OrderedHashTable is mutated (or replaced) all the iterators are updated. When the iterator iterates passed the end of the data table it closes itself. Closed iterators no longer have a reference to the OrderedHashTable and they are removed from the double linked list. In the case of Map/Set forEach, we manually call Close on the iterator in case an exception was thrown so that the iterator never reached the end. At this point the OrderedHashTable keeps all the non finished iterators alive but since the only thing we currently expose is forEach there are no unfinished iterators outside a forEach call. Once we expose the iterators to user code we will need to make the references from the OrderedHashTable to the iterators weak and have some mechanism to close an iterator when it is garbage collected. BUG=1793,2323 LOG=Y R=adamk@chromium.org, mstarzinger@chromium.org Review URL: https://codereview.chromium.org/236143002 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-16 00:40:03 +00:00
plind44@gmail.com	5a016958c6	MIPS: Add big-endian support for MIPS. Important notices: - The snapshot cannot be created for big-endian target in cross-compilation environment on little-endian host using simulator. - In order to have i18n support working on big-endian target, the icudt46b.dat and icudt46b_dat.S files should be generated and upstreamed to ICU repo. - The mjsunit 'nans' test is endian dependent, it is skipped for mips target. - The zlib and Mandreel from Octane 2.0 benchmark are endian dependent due to use of typed arrays. TEST= BUG= R=jkummerow@chromium.org, plind44@gmail.com Review URL: https://codereview.chromium.org/228943009 Patch from Dusan Milosavljevic <Dusan.Milosavljevic@rt-rk.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-15 16:39:21 +00:00
mstarzinger@chromium.org	e51d6462a7	Fix bogus call to Object.hasOwnProperty in Array builtin. R=mvstanton@chromium.org TEST=mjsunit/regress/regress-builtinbust-5 Review URL: https://codereview.chromium.org/239033002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20766 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-15 12:52:41 +00:00
ulan@chromium.org	a50aca97a2	Reland r20692 "Check stack limit in ArgumentAdaptorTrampoline." BUG=353058 LOG=N TEST=mjsunit/regress/regress-353058 R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/236633006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20751 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-15 08:26:26 +00:00
mstarzinger@chromium.org	39137c81e6	Fix bogus Object.isSealed check in some Array builtins. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/237253002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-15 08:25:42 +00:00
bmeurer@chromium.org	6b4d4b7287	Reland "Track field types.". This is an initial step towards tracking the exact types instead of just the representations of fields. It adds support to track up to one map of heap object field values, eliminating various map checks on values loaded from such fields, at the cost of making stores to such fields slightly more expensive. Issues with transitioning stores and fast object literals in Crankshaft fixed. TEST=mjsunit/field-type-tracking R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/238773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-15 07:36:47 +00:00
ulan@chromium.org	8b445aaa5f	Fix result of LCodeGen::DoWrapReceiver for strict functions and builtins. BUG=362128 LOG=Y TEST=mjsunit/regress/regress-362128 R=jacob.bramley@arm.com Review URL: https://codereview.chromium.org/226363007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-14 11:58:18 +00:00
mstarzinger@chromium.org	b280ad6c44	Try to switch Array builtins into strict mode. R=rossberg@chromium.org TEST=mjsunit,test262,webkit Review URL: https://codereview.chromium.org/233083003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-14 11:24:40 +00:00
jarin@chromium.org	c1a3ab6b4f	Revert "Track field types." Revert r20701. TBR=bmeurer@chromium.org BUG= Review URL: https://codereview.chromium.org/236843002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-14 08:24:15 +00:00
bmeurer@chromium.org	9cf3909975	Track field types. This is an initial step towards tracking the exact types instead of just the representations of fields. It adds support to track up to one map of heap object field values, eliminating various map checks on values loaded from such fields, at the cost of making stores to such fields slightly more expensive. TEST=mjsunit/field-type-tracking R=verwaest@chromium.org Review URL: https://codereview.chromium.org/167303005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20701 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-14 06:29:15 +00:00
ulan@chromium.org	68bbdaf28d	Skip mjsunit/regress/regress-353058 for ASAN and ARM until r20692 is relanded. TBR=mvstanton@chromium.org Review URL: https://codereview.chromium.org/232463005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-11 17:03:35 +00:00
ulan@chromium.org	4268ce0abd	Check stack limit in ArgumentAdaptorTrampoline. BUG=353058 LOG=N TEST=mjsunit/regress/regress-353058 R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/215853005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-11 13:39:19 +00:00
ulan@chromium.org	49d951d043	Do not call user defined getter of Error.stackTraceLimit. Handlify GetNormalizedProperty. BUG=360733 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/233243005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-11 13:16:36 +00:00
jarin@chromium.org	166ec11e43	Avoid type assertion on object comparison in Hydrogen - the comparison is unreachable because of previous checks. BUG= R=yangguo@chromium.org Review URL: https://codereview.chromium.org/232053004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-11 06:45:24 +00:00
jarin@chromium.org	fd988331ea	There is no definition for HArgumentsObject, so LDummyUse confuses the register allocator. I have recently made similar fix for HCapturedObject (see https://codereview.chromium.org/222283002/). BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/226613007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-11 06:29:51 +00:00
danno@chromium.org	2e9902b22a	Partially fix semantics of Array.push() Semantics of elements accessors are now preserved in all optimized code paths through Array.push(). Previously it was possible to have inconsistent behavior between optimized and unoptimized code, and there were cases where element accessors were completely ingored. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/232873002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-10 13:17:48 +00:00
svenpanne@chromium.org	5bddec047d	Do not use ranges after range analysis. Due to the SSA vs. SSI difference, we are only allowed to use the flags computed during range analysis, not the ranges themselves. For the case at hand, there is no such flag, so the condition is simply remvoed. BUG=361608 LOG=y R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/232553004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-10 09:40:17 +00:00
bmeurer@chromium.org	5a564648dd	Improve reproducibility of test runs. Add random seed to run-tests.py, using either a user supplied value or a random number generated by random.SystemRandom(). This same random seed is passed to all test cases, making sure that we can easily reproduce test failures that depend on random numbers (i.e. bugs related to our handwritten ASLR). Also fix all uses of rand() to make use of our RNG class instead. R=machenbach@chromium.org Review URL: https://codereview.chromium.org/231443002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-10 07:25:49 +00:00
jarin@chromium.org	008a70c47b	Revert "Make new space iterable when transitioning double array to objects" This reverts r20603. BUG= Review URL: https://codereview.chromium.org/230863003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-09 13:39:03 +00:00
jarin@chromium.org	57d70c149c	Avoid hydrogen compare-objects-equal assertions in dead code ClusterFuzz test is triggering assertions for dead code. This fix issues HDeoptimize instruction when it finds out that the compare instruction is dead (because of previous checks). R=yangguo@chromium.org BUG=359491 LOG=N Review URL: https://codereview.chromium.org/228883005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20620 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-09 13:08:28 +00:00
yangguo@chromium.org	4df132a878	Fix argument expectation Runtime_StringParseInt. R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/230693002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-09 12:33:51 +00:00
jarin@chromium.org	69d5b3c155	Make new space iterable when transitioning double array to objects R=hpayer@chromium.org BUG= Review URL: https://codereview.chromium.org/228643002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20603 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-09 09:50:08 +00:00
mstarzinger@chromium.org	e3aec7a587	Fix return value of push() and unshift() on Array.prototype. R=ulan@chromium.org TEST=mjsunit/regress/regress-builtinbust-3 Review URL: https://codereview.chromium.org/230453002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20602 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-09 09:14:56 +00:00
jarin@chromium.org	05670b63bf	Add stack overflow check for inlined property getter We should check for overflow for each inlined property getter; otherwise, we can get an overflow from inlining property getter while still having pending overflow exception from some previous inlined getter (in the same polymorphic access). R=verwaest@chromium.org TEST=test/mjsunit/regress/regress-inline-getter-near-stack-limit.js Review URL: https://codereview.chromium.org/220813003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-09 07:35:12 +00:00
bmeurer@chromium.org	48e0d81205	Fix invalid local property lookup for transitions. BUG=361025 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/224903023 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-08 09:36:04 +00:00
hpayer@chromium.org	7f54e1999c	Remove gc greedy mode. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/227553005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-07 14:22:32 +00:00
yangguo@chromium.org	e7f0beeaa6	Make `String.prototype.contains` throw when passing a regular expression Contributed by Mathias Bynens <mathiasb@opera.com>. TEST=mjsunit/harmony BUG=v8:3261 LOG=Y R=yangguo@chromium.org, arv@chromium.org, ishell@chromium.org Review URL: https://codereview.chromium.org/227113005 Patch from Mathias Bynens <mathiasb@opera.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-07 10:24:01 +00:00
jarin@chromium.org	c19764595f	Dead code elimination of inlined arguments objects causes wrong deopt info to be generated - instead of materializing the arguments, we get 'undefined'. Golem says the change is perf-neutral. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/208683006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20529 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-07 08:42:34 +00:00
svenpanne@chromium.org	814be9b1b6	Yet another regression test for range analysis. BUG=v8:3204 LOG=y R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/224723016 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20528 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-07 08:04:25 +00:00
mvstanton@chromium.org	eaacd968f1	Fix for v8:3255 Grow KeyedStoreIC doesn't respect String value wrappers BUG=v8:3255 LOG=N R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/226053002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-07 07:52:24 +00:00
hpayer@chromium.org	5230d8d330	Make sure value is a heap number when reusing the double box in BinaryOpICStub. BUG= R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/216823005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20501 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-04 08:46:49 +00:00
mstarzinger@chromium.org	775d9b022f	Use premordial Object.isSealed/isFrozen in builtins. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/223473002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-03 12:23:35 +00:00
jarin@chromium.org	fe37026116	When freezing global object, go through the property cell R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/223613002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20469 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-03 10:43:56 +00:00
jarin@chromium.org	42d2d3cb9d	Do not generate LDummyUse instruction for HCapturedObject LDummyUse confuses the register allocator (since there is no definition for the use). R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/222283002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-03 07:35:13 +00:00
jarin@chromium.org	0b53ed2d2b	Check in Lithium that allocation size in Smi range. This is to avoid triggering an assertion from Smi::FromInt. The generated code is unreachable, so it is not a real bug. R=ulan@chromium.org BUG= Review URL: https://codereview.chromium.org/221743005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-03 07:04:46 +00:00
rossberg@chromium.org	2fda95eb80	Make stray 'return' an early error As required by the spec, and implemented by other browsers. (Plus minor clean-up for redeclaration TypeErrors.) R=marja@chromium.org BUG= LOG=Y Review URL: https://codereview.chromium.org/220473014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-02 12:38:01 +00:00
jkummerow@chromium.org	511edabed2	Fix HGraphBuilder::BuildAddStringLengths length == String::kMaxLength is fine and should not bail out. BUG=chromium:357052 LOG=n R=yangguo@chromium.org Review URL: https://codereview.chromium.org/222113002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-02 12:24:42 +00:00
rossberg@chromium.org	45118bfdfb	Make invalid LHSs that are calls late errors Necessary for web legacy compatibility. Also fold in additional strict mode checks into LHS checks. Minor constness clean-ups on the way. R=marja@chromium.org BUG=chromium:358346 LOG=Y Review URL: https://codereview.chromium.org/217823003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-02 11:03:05 +00:00
dslomov@chromium.org	19c354b7b0	Support typed arrays in IsMoreGeneralElementsKindTransition. R=verwaest@chromium.org BUG=357054 LOG=Y Review URL: https://codereview.chromium.org/220403004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20410 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-01 16:41:35 +00:00
yangguo@chromium.org	64901004be	Smi immediates are not supported on x64. Do not use it. R=jkummerow@chromium.org BUG=358059 LOG=N Review URL: https://codereview.chromium.org/217083003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20409 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-01 15:32:06 +00:00
mvstanton@chromium.org	d93c906acc	Monomorphic prototype failures should be reserved for already-seen keys. We incorrectly mark a KeyedStoreIC miss as a monomorphic prototype failure even though it's the first time a particular (string) key has been seen. BUG=358088 R=verwaest@chromium.org LOG=N Review URL: https://codereview.chromium.org/219313002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-01 14:16:54 +00:00
yangguo@chromium.org	10abff3498	Remove internalized cons string types. Currently, internalizing a cons string could result in either an in-place converted internalized cons string or a newly created internalized sequential string, depending on allocation success. The former could end up being embedded into an IC, which is not supported. R=mstarzinger@chromium.org BUG=357103 LOG=N Review URL: https://codereview.chromium.org/218993011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20394 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-04-01 11:30:31 +00:00
jarin@chromium.org	5607582f3b	We should perform the illegal redeclaration check earlier so that we do not confuse the AST typer with missing type feedback nodes. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/218493007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 16:45:46 +00:00
rossberg@chromium.org	282a7ca14e	Fix Type::Intersect to skip uninhabited bitsets R=verwaest@chromium.org, bmeurer@chromium.org BUG=chromium:357330 LOG=Y Review URL: https://codereview.chromium.org/219333003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 15:53:21 +00:00
dslomov@chromium.org	b3148d921e	Fix PrepareKeyedOperand on arm. When additional_offset is specified, the 'key' operand can be negative and still pass the bounds check. Therefore, when converting key from Smi, arithmetic and not logical shift must be used. R=verwaest@chromium.org BUG=358057 LOG=Y Review URL: https://codereview.chromium.org/219473002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 15:14:28 +00:00
jarin@chromium.org	d02e1f2c25	Fix left trimming check for large objects BUG=358090 TEST=test/mjsunit/regress/regress-358090.js LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/213833008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 15:01:46 +00:00
verwaest@chromium.org	019e27d8db	Reland and fix "Fix LoadFieldByIndex to take mutable heap-numbers into account."" BUG= R=hpayer@chromium.org Review URL: https://codereview.chromium.org/218663005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 14:21:04 +00:00
yangguo@chromium.org	c0fa861726	Do not check for interrupt when allocating stack locals. R=dcarney@chromium.org BUG=357137 LOG=N Review URL: https://codereview.chromium.org/219373004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20357 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 14:14:54 +00:00
jochen@chromium.org	163044e7ba	Revert 20348 - "Fix LoadFieldByIndex to take mutable heap-numbers into account." Reason for revert: crashes benchmarks/sunspider/string-fasta on ia32.debug This also reverts r20350 and r20352 > Fix LoadFieldByIndex to take mutable heap-numbers into account. > > BUG= > R=ishell@chromium.org > > Review URL: https://codereview.chromium.org/213213002 BUG=none LOG=n TBR=verwaest@chromium.org Revert "Use sarq on x64" This reverts commit e2a8ef9321345c6bc091054443bf2b9535ff6b1c. Revert "Don't \| int and bool" This reverts commit c90d713d3a8ceba4fec41933a63beb6e50a3d7c0. Review URL: https://codereview.chromium.org/219393002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 13:23:32 +00:00
jochen@chromium.org	b7039334ae	Revert 20313 - "Ship promises and weak collections" > R=mstarzinger@chromium.org > BUG= > > Committed: https://code.google.com/p/v8/source/detail?r=20211 > > Review URL: https://codereview.chromium.org/206163004 R=rossberg@chromium.org TBR=rossberg@chromium.org LOG=y BUG=n Review URL: https://codereview.chromium.org/219303002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 12:40:32 +00:00
verwaest@chromium.org	55a6318560	Fix LoadFieldByIndex to take mutable heap-numbers into account. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/213213002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 11:59:29 +00:00
jarin@chromium.org	d65fe51ca0	Add missing lazy deopt point for the TransitionElementsKind instruction. R=mvstanton@chromium.org, yangguo@chromium.org BUG=357105 TEST=test/mjsunit/regress/regress-357105.js LOG=N Review URL: https://codereview.chromium.org/216963002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 11:58:53 +00:00
jochen@chromium.org	a2f82479c4	Skip crashing harmony mjsunit tests on NaCL BUG=none TBR=machenbach@chromium.org LOG=n Review URL: https://codereview.chromium.org/219043002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-31 07:54:22 +00:00
dslomov@chromium.org	bd353dc3a0	Inline internal getters for typed arrays & friends. R=hpayer@chromium.org, yangguo@chromium.org Committed: https://code.google.com/p/v8/source/detail?r=20330 Review URL: https://codereview.chromium.org/212603014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-28 15:25:24 +00:00
dslomov@chromium.org	c873e813c5	Revert "Inline internal getters for typed arrays & friends." This reverts commit r20330 for breaking arm64 nosnap tests. TBR=svenpanne@chromium.org Review URL: https://codereview.chromium.org/216993002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20336 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-28 13:33:50 +00:00
dslomov@chromium.org	6d91c1e77f	Inline internal getters for typed arrays & friends. R=hpayer@chromium.org, yangguo@chromium.org Review URL: https://codereview.chromium.org/212603014 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-28 12:02:52 +00:00
jarin@chromium.org	9e655afdb4	Reland "Fix property enum cache creation to include only own properties" Reland r20308 (reverted by r20310). TBR=verwaest@chromium.org Review URL: https://codereview.chromium.org/216383003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-28 06:59:20 +00:00
adamk@chromium.org	c2bbd9f9e2	Don't pass the hole to SetElement when creating Array.observe change records Also added comments to remind us why we were using the hole here in the first place (it's used for the case where Object.observe, rather than Array.observe, has been called on Array that's undergoing truncation). BUG=356589 LOG=N R=rossberg@chromium.org Review URL: https://codereview.chromium.org/213823002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20316 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 18:29:07 +00:00
rossberg@chromium.org	826cf64fd3	Ship promises and weak collections R=mstarzinger@chromium.org BUG= Committed: https://code.google.com/p/v8/source/detail?r=20211 Review URL: https://codereview.chromium.org/206163004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 16:42:34 +00:00
jarin@chromium.org	af74f1206e	Revert "Fix property enum cache creation to include only own properties" This reverts commit 4cf47a20b4846cf050ea4844433e9c57654da34e. BUG= Review URL: https://codereview.chromium.org/214893002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20310 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 16:18:42 +00:00
rossberg@chromium.org	ddedf5c309	Harden internal uses of .chain R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/212553009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 16:11:23 +00:00
jarin@chromium.org	4608bdeccc	With this fix, we only create the enum cache for own property descriptors (originally we cached all descriptors in the map). The problem was that the size of all descriptors could be trimmed during GC triggered by allocating the storage for the cache, so we could have ended up with a wrong storage size. This is really Toon's fix, I have only created a small repro case. BUG= R=verwaest@chromium.org Review URL: https://codereview.chromium.org/212673011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 15:33:06 +00:00
dslomov@chromium.org	4cdfb46a6d	Fix JSObject::SetElement for fixed typed array elements. R=ulan@chromium.org BUG=357108 LOG=N Review URL: https://codereview.chromium.org/214543003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 12:54:26 +00:00
svenpanne@chromium.org	fe58e3d7b8	Removed 'executable' bits from mjsunit tests. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/214413006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20299 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 12:32:27 +00:00
ulan@chromium.org	5eabc4b802	Run tests on android_arm64. R=rmcilroy@chromium.org Review URL: https://codereview.chromium.org/210773003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20295 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-27 10:06:53 +00:00
yangguo@chromium.org	9be61ddb8a	Hide some runtime functions. R=dslomov@chromium.org Review URL: https://codereview.chromium.org/212163004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20285 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 15:51:48 +00:00
danno@chromium.org	0a0f12b841	[x64] Improve key value sign-extension of dehoisted LoadKeyed/StoreKeyed Instead of sign-extending at key use, definitions that can be used as keys are sign extended immediately after the definition. R=danno@chromium.org Review URL: https://codereview.chromium.org/179773002 Patch from Weiliang Lin <weiliang.lin@intel.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20284 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 15:51:08 +00:00
jarin@chromium.org	10606aa756	Fix missing representation for the result of HIsSmiAndBranch. R=jkummerow@chromium.org BUG= Review URL: https://codereview.chromium.org/211273010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20280 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 13:14:08 +00:00
dslomov@chromium.org	76b8f25edb	This implements allocating small typed arrays in heap. R=mvstanton@chromium.org, verwaest@chromium.org Review URL: https://codereview.chromium.org/150813004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20279 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 12:50:13 +00:00
svenpanne@chromium.org	58c45cdd03	Mark debug-stepout-scope-part8 as flaky for ARM gc-stress. TBR=machenbach@chromium.org Review URL: https://codereview.chromium.org/212253005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20264 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-26 08:57:21 +00:00
dslomov@chromium.org	f66af4feb4	Refactor optimized in hydrogen only runtime functions. This splits all runtime function into 3 categories: 1) RUNTIME: implemented in runtime and called from both full and optimized code. 2) RUNTIME_HIDDEN: implemented in runtime, never called directly from JS builtins. 3) INLINE: inlined in both full and optimized code 4) INLINE_OPTIMIZED: inlined in optimized code, implemented in runtime for full code. R=yangguo@chromium.org, yannguo@chromium.org Review URL: https://codereview.chromium.org/209353006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 14:26:55 +00:00
verwaest@chromium.org	c432f7166c	Don't convert dictionary sloppy arguments to fast double mode. BUG= R=ishell@chromium.org Review URL: https://codereview.chromium.org/207683006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 14:14:58 +00:00
dslomov@chromium.org	cdc9812756	Revert "This implements allocating small typed arrays in heap." This reverts commit r20244 for breaking Win64 build and webkit tests. TBR=svenpanne@chromium.org Review URL: https://codereview.chromium.org/208503007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20250 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 14:12:58 +00:00
ulan@chromium.org	cb0f49c18a	Add index check in DoAccessArgumentsAt. BUG=355523 LOG=N TEST=mjsunit/regress/regress-355523 R=jarin@chromium.org Review URL: https://codereview.chromium.org/210053003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20245 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 13:26:41 +00:00
dslomov@chromium.org	654b6a27d1	This implements allocating small typed arrays in heap. R=mvstanton@chromium.org, verwaest@chromium.org Committed: https://code.google.com/p/v8/source/detail?r=20240 Review URL: https://codereview.chromium.org/150813004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 13:21:58 +00:00
dslomov@chromium.org	727bc2153e	Revert "This implements allocating small typed arrays in heap." This reverts commit r20240 for breaking Windows build. TBR=svenpanne@chromium.org Review URL: https://codereview.chromium.org/211003003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20242 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 12:58:22 +00:00
dslomov@chromium.org	de690b656f	Allow to neuter array buffer twice in tests. R=jarin@chromium.org Review URL: https://codereview.chromium.org/209083005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 12:55:10 +00:00
dslomov@chromium.org	322a474bf2	This implements allocating small typed arrays in heap. R=mvstanton@chromium.org, verwaest@chromium.org Review URL: https://codereview.chromium.org/150813004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20240 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 12:51:49 +00:00
rossberg@chromium.org	2e1b16de2a	Revert "Ship promises and weak collections" Reason: breaks Blink layout tests. R=machenbach@chromium.org BUG= Review URL: https://codereview.chromium.org/210853003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 10:57:52 +00:00
yangguo@chromium.org	793d4cb0b6	Fix issues when changing FLAG_concurrent_recompilation after init. R=jarin@chromium.org BUG=356053 LOG=N Review URL: https://codereview.chromium.org/210363005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 09:38:48 +00:00
yangguo@chromium.org	82f630a9f7	Reland "No longer OOM on invalid string length." R=ishell@chromium.org Review URL: https://codereview.chromium.org/210683003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20225 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 09:09:24 +00:00
titzer@chromium.org	3c31102025	First implementation of store elimination. BUG= R=hpayer@chromium.org Review URL: https://codereview.chromium.org/100253004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-25 09:06:16 +00:00
jarin@chromium.org	b765d3cdb9	Revert the (wrong) fix of the argument index check asserion. R=ishell@chromium.org BUG= Review URL: https://codereview.chromium.org/208423017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 21:32:19 +00:00
jarin@chromium.org	56f2006605	Fix to get around an assertion that triggers when generating code that happens to be dead because the assertion is checked a bit earlier at runtime. R=ishell@chromium.org BUG=355486 LOG=N Review URL: https://codereview.chromium.org/201573011 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 20:51:36 +00:00
rossberg@chromium.org	33be68c2fa	Ship promises and weak collections R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/206163004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 16:59:04 +00:00
verwaest@chromium.org	e18e650582	Ensure the constant operand for heap-object store-named-field is not a smi. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/210193002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20208 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 16:25:48 +00:00
rossberg@chromium.org	6704bbce82	Spec adjustments for well-known symbols R=arv@chromium.org, mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/208423013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20204 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 15:45:52 +00:00
yangguo@chromium.org	72932ae417	Revert "No longer OOM on invalid string length." This reverts r20202. TBR=machenbach@chromium.org Review URL: https://codereview.chromium.org/210143002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 15:36:15 +00:00
yangguo@chromium.org	531217502c	No longer OOM on invalid string length. R=ishell@chromium.org BUG=v8:3060 LOG=Y Review URL: https://codereview.chromium.org/207613005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 15:01:17 +00:00
yangguo@chromium.org	9c0f5be8d1	Correctly convert micro-sign to its upper case. R=dcarney@chromium.org BUG=355485 LOG=N Review URL: https://codereview.chromium.org/209323007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20197 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 14:16:14 +00:00
yangguo@chromium.org	f1bacf8fff	Fix DebugEvaluate for generators. R=mstarzinger@chromium.org BUG=v8:3225 LOG=N Review URL: https://codereview.chromium.org/207153004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20195 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 14:10:57 +00:00
jkummerow@chromium.org	55d5b02244	Delete mjsunit/string-oom-slow-* tests. They are too slow, and there is no feasible way to speed them up. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/205553005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20186 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 10:37:16 +00:00
yangguo@chromium.org	15951521cc	Refactor inlined typed array runtime functions. R=dslomov@chromium.org Review URL: https://codereview.chromium.org/203443002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-24 08:22:24 +00:00
ulan@chromium.org	50ca2eb9f6	Add option to run ScopeIterator faster giving up nested scope chain. We'd like to be able to trade nested scope chain info (consisting of with, block and catch scopes) in favor of speed in some cases. BUG=chromium:340285 LOG=N R=ulan@chromium.org, pfeldman, ulan, yangguo Review URL: https://codereview.chromium.org/203463011 Patch from Andrey Adaykin <aandrey@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20162 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 12:30:58 +00:00
ulan@chromium.org	fc2563f108	Visit return statement of inlined function in value context. BUG=354357 LOG=N TEST=mjsunit/regress/regress-354357.js R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/206413005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20158 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 12:14:44 +00:00
ulan@chromium.org	f20a9473f3	Ensure that lazy deopt sequence does not override calls. BUG=354433 LOG=N TEST=mjsunit/regress/regress-354433.js R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/198463006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20155 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 11:02:15 +00:00
yangguo@chromium.org	f6f99310fe	Skip string-oom tests on nacl. R=machenbach@chromium.org TBR=machenbach@chromium.org Review URL: https://codereview.chromium.org/207633004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20152 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 10:34:07 +00:00
jochen@chromium.org	2ce0bebba1	Rename A64 port to ARM64 port BUG=354405 R=ulan@chromium.org, rodolph.perfetta@arm.com LOG=y Review URL: https://codereview.chromium.org/207823003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20148 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-21 09:28:26 +00:00
jkummerow@chromium.org	2b722b663e	Fix polymorphic hydrogen handling of SLOPPY_ARGUMENTS_ELEMENTS BUG=chromium:354391 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/206073008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 16:25:24 +00:00
rossberg@chromium.org	b3b6987b27	Reland "Implement ES6 symbol registry and predefined symbols" Only change relative to original CL is the updated assertion condition at objects-inl.h:2119 R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/204913006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20136 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 16:13:09 +00:00
yangguo@chromium.org	c9d391d87f	Fix assertions wrt concurrent OSR. R=ulan@chromium.org Review URL: https://codereview.chromium.org/206473002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 15:23:31 +00:00
marja@chromium.org	e9358fa9ce	Increase the "local variables in a function" limit. The limit was originally added to avoid having large user-controlled constants (variable indexes) in the code generated by full-codegen. History behind this change: The original CL for adding the limit was https://codereview.chromium.org/7003030 and at that time, the limit was 32767. Reason for adding the limit (in CL comments): "The motivation behind this change is to avoid large user controlled constants in the code. The slot_operand used in the IA32 full code generator uses a relative load where the local index is an (negative) immediate." The limit was then bumped to 65535 by https://codereview.chromium.org/10965063 and to 131071 by https://codereview.chromium.org/11099063. R=dcarney@chromium.org, svenpanne@chromium.org, jkummerow@chromium.org, rossberg@chromium.org BUG=v8:3205 LOG=Y Review URL: https://codereview.chromium.org/206143004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 13:37:26 +00:00
rossberg@chromium.org	1088fbd1e7	Revert "Implement ES6 symbol registry and predefined symbols" TBR=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/204353004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20121 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 12:56:41 +00:00
yangguo@chromium.org	000be4d033	Reland "Throw exception on invalid string length instead of OOM." R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/199583007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20119 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 12:27:36 +00:00
rossberg@chromium.org	0f71f61799	Implement ES6 symbol registry and predefined symbols R=mstarzinger@chromium.org, arv@chromium.org BUG= LOG=Y Review URL: https://codereview.chromium.org/203243004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 12:26:27 +00:00
yangguo@chromium.org	a5a82ef123	Revert "Throw exception on invalid string length instead of OOM." This reverts r20112. TBR=yangguo@chromium.org Review URL: https://codereview.chromium.org/206383002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20114 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 11:11:28 +00:00
yangguo@chromium.org	9ba80269ee	Throw exception on invalid string length instead of OOM. R=bmeurer@chromium.org BUG=349329 LOG=Y Review URL: https://codereview.chromium.org/199853004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20112 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 10:49:33 +00:00
ulan@chromium.org	41eab25615	A64: Fix write barrier input in KeyedStoreIC::GenerateSloppyArguments. This fixes flaky crashes in gc-stress bot: > Fatal error in ../src/incremental-marking.cc, line 84 > CHECK(obj->IsHeapObject()) failed BUG=353551 LOG=N TEST=test/mjsunit/regress/regress-353551.js R=m.m.capewell@googlemail.com Review URL: https://codereview.chromium.org/204453002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-20 08:32:58 +00:00
jkummerow@chromium.org	d9b6b6439d	Fix polymorphic keyed loads for SLOPPY_ARGUMENTS_ELEMENTS BUG=chromium:350867 LOG=y R=verwaest@chromium.org Review URL: https://codereview.chromium.org/203303010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-19 15:49:29 +00:00
mvstanton@chromium.org	535f3427ca	Pretenure call new support. When FLAG_pretenure_call_new is on, we emit mementos on new object creation in full code, and consume the feedback in crankshaft. A key difference in the generated code for stubs is the allocation of an additional type vector slot for the CallNew AST node, which simplifies the CallConstructStub and CallFunctionStub considerably. Some performance tuning still needs to be addressed, therefore the flag is off at this moment, though fully functional. The goal is to remove the flag as soon as possible, which allows much code deletion (yay). R=hpayer@chromium.org Review URL: https://codereview.chromium.org/132963012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20076 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-19 13:39:09 +00:00
rossberg@chromium.org	b7b40e2b84	Remove Promise.cast ...as per January meeting. Renames 'cast' to 'resolve'. We rename the prior 'resolve' to 'accept', to keep the chain API usable. R=svenpanne@chromium.org BUG= Review URL: https://codereview.chromium.org/200763012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20040 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 15:03:35 +00:00
rossberg@chromium.org	aa250ea41a	Promises: make null a legal argument for .then R=svenpanne@chromium.org BUG= Review URL: https://codereview.chromium.org/203453002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 14:55:43 +00:00
ulan@chromium.org	487ca9e384	Fix TransitionElementsKindStub to handle non-JSArray objects correctly. BUG=352982 LOG=N TEST=mjsunit/regress/regress-352982.js R=danno@chromium.org Review URL: https://codereview.chromium.org/196343023 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20033 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 13:29:29 +00:00
dslomov@chromium.org	6c01c3fd56	Apply numeric casts correctly in typed arrays and related code. R=jkummerow@chromium.org BUG=353004 LOG=Y Committed: https://code.google.com/p/v8/source/detail?r=20020 Review URL: https://codereview.chromium.org/201873005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20022 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:55:29 +00:00
dslomov@chromium.org	a6224272fd	Revert "Apply numeric casts correctly in typed arrays and related code." This reverts commit r20020 for breaking Win64 build. TBR=jkummerow@chromium.org Review URL: https://codereview.chromium.org/199523006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20021 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:50:00 +00:00
dslomov@chromium.org	849187eab0	Apply numeric casts correctly in typed arrays and related code. R=jkummerow@chromium.org BUG=353004 LOG=Y Review URL: https://codereview.chromium.org/201873005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 10:23:50 +00:00
rossberg@chromium.org	58d623f228	Stage ES6 promises and weak collections Split collections flag into weak and non-weak. R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/201593004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20019 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-18 09:57:14 +00:00
verwaest@chromium.org	5aaa513630	Don't generate keyed store ICs for global proxies. BUG=352983 LOG=y R=ishell@chromium.org Review URL: https://codereview.chromium.org/197873025 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20011 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 17:19:39 +00:00
ulan@chromium.org	2cb4e78e74	Fix mjsunit/compiler/concurrent-invalidate-transition-map.js test. BUG=v8:3156 LOG=N R=yangguo@chromium.org Review URL: https://codereview.chromium.org/180053003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20009 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 17:00:48 +00:00
ulan@chromium.org	e1e4071cbc	Fix date cache in strict mode. BUG=v8:3220 LOG=N TEST=mjsunit/regress/regress-3220.js R=rossberg@chromium.org Review URL: https://codereview.chromium.org/201753002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 15:47:58 +00:00
ishell@chromium.org	3b257c35e5	Fixed spec violation of storing to length of a frozen object. BUG=chromium:350890 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/196653015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20005 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 15:43:33 +00:00
jkummerow@chromium.org	e4a18df7d1	Fix ASSERT violation when BinaryOpIC::Transition recurses into itself BUG=chromium:352586 LOG=n R=verwaest@chromium.org Review URL: https://codereview.chromium.org/201313002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 14:51:31 +00:00
rossberg@chromium.org	c3c185c173	Make invalid LHSs a parse-time (reference) error This is required by the spec. It also prevents crashes resulting from the attempt to read type feedback for the RHS of an invalid assignment which full codegen never actually allocated info for. To do: check properly in preparser already. R=marja@chromium.org, mstarzinger@chromium.org BUG=351658 LOG=Y Review URL: https://codereview.chromium.org/200473003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 10:21:01 +00:00
jkummerow@chromium.org	dc458525ad	Fix typo in r19923 (bounds check offset propagation) BUG=chromium:352929 LOG=n R=ulan@chromium.org Review URL: https://codereview.chromium.org/201303002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 09:38:01 +00:00
ishell@chromium.org	f77c51b0a6	Check elimination now sets known successor branch of HCompareObjectEqAndBranch (correctness fix). BUG=chromium:352058 LOG=N R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/196383018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 09:11:38 +00:00
mvstanton@chromium.org	e3f3f6d98b	Revert "Continued fix for 351257. Reusing the feedback vector is too complex." This reverts commit r19919. TBR=bmeuer@chromium.org Review URL: https://codereview.chromium.org/196343021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19961 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 08:31:21 +00:00
yangguo@chromium.org	33ea8185e9	Suppress test failures on GC-stress for A64. R=ulan@chromium.org BUG=v8:3219 LOG=N Review URL: https://codereview.chromium.org/197873021 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-17 08:30:04 +00:00
verwaest@chromium.org	0f2a324c8a	Fix generalization with callbacks. BUG=352588 LOG=n R=danno@chromium.org Review URL: https://codereview.chromium.org/200173003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 14:17:49 +00:00
mvstanton@chromium.org	11df4b8815	Fix for issue 351261. This relands the following fix: "HAllocate should never generate allocation code if the requested size does not fit into page. Regression test included. (bug 347543)" along with additional fixes to KeyedStoreIC. BUG=351261 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/200113002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 10:22:55 +00:00
ulan@chromium.org	2c99cba38b	Propagate updated offsets in BoundsCheckBbData. BUG=350863 LOG=Y TEST=mjsunit/regress/regress-350863.js R=bmeurer@chromium.org, jkummerow@chromium.org Review URL: https://codereview.chromium.org/197823009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 10:02:25 +00:00
bmeurer@chromium.org	358e176d50	Add regression test for range analysis bug. BUG=v8:3204 LOG=y R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/200103002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 09:54:26 +00:00
mvstanton@chromium.org	dd28969c1c	Continued fix for 351257. Reusing the feedback vector is too complex. Attempting to re-use the type feedback vector stored in the SharedFunctionInfo turns out to be difficult among the various cases. It will be much easier to do this when deferred type feedback processing is removed, as is in the works. Created bug v8:3212 to track re-introducing the optimization of reusing the type vector on recompile before optimization. The CL also brings back the type vector on the SharedFunctionInfo. BUG=351257 LOG=Y R=bmeurer@chromium.org, bmeuer@chromium.org Review URL: https://codereview.chromium.org/199973004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-14 09:28:37 +00:00
yangguo@chromium.org	0f71a24f3a	Correctly retain argument value when deopting from Math.round on x64. R=jkummerow@chromium.org BUG=351624 LOG=N Review URL: https://codereview.chromium.org/199013002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 13:57:21 +00:00
ulan@chromium.org	c64b78f6da	Check that constant is an integer before getting its value in HGraphBuilder::MatchRotateRight. BUG=351263 LOG=N TEST=mjsunit/regress/regress-351263 R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/197803005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19890 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 11:50:50 +00:00
yangguo@chromium.org	4e390c64f1	Harmony: move math features to es-staging. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/195123002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19886 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 09:51:59 +00:00
svenpanne@chromium.org	390d3a0b15	Make translation of modulus operation '--stress-opt'-proof. Note that we unconditionally deopt later, anyway, but our compilation pipeline has to survive long enough to reach that place. :-/ LOG=y BUG=352059 R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/198833002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 09:37:16 +00:00
jarin@chromium.org	713aa33f2a	Fix of argument materialization of captured heap numbers. The escape analysis calculates the number of slots in an object as no-of-slots = object-size / pointer-size. This gives 3 slots for heap numbers on 32-bit architectures (one slot for the map, two for the double value); however, my argument materialization code assumed just two slots (map + value). Since Hydrogen allocates heap numbers quite rarely, it is hard to produce a more meaningful repro than the one provided by Clusterfuzz. Any suggestions are welcome. The fix is simple - we just read out all extra slots (beyond the map and the double) for heap numbers. R=mstarzinger@chromium.org BUG=351315 LOG=N Review URL: https://codereview.chromium.org/196283004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 07:17:37 +00:00
adamk@chromium.org	8bd05193c7	Reland "Enable Object.observe by default" again This re-re-re-lands enabling Object.observe. The Chromium tests that failed last time this was rolled into Chromium have been disabled in https://src.chromium.org/viewvc/chrome?view=revision&revision=256706 This patch should be safe to merge once that lands. BUG=v8:2409 LOG=Y TBR=rossberg@chromium.org,dslomov@chromium.org,rafaelw@chromium.org Review URL: https://codereview.chromium.org/198383002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19868 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-13 00:20:06 +00:00
jkummerow@chromium.org	f9ee4f19b4	Use intrinsics for builtin ArrayBuffer property accesses BUG=chromium:351787 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/197793003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19862 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 19:25:40 +00:00
svenpanne@chromium.org	be328fd4ce	Disable special handling of flooring division by constant until it is fixed for real. Added a test to check the various division-like operations more exhaustively. R=bmeurer@chromium.org, ulan@chromium.org Review URL: https://codereview.chromium.org/194863002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19852 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 14:28:59 +00:00
verwaest@chromium.org	8735adb2c4	Don't fast RemoveArrayHoles in case of arguments arrays. BUG=351645 LOG=n R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/197043004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19848 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 13:42:18 +00:00
mvstanton@chromium.org	7477bc39ca	350884: KeyedStoreIC miss didn't handle a transitioning case. It's possible to get a transitioned map with no links to the origin map if it's a shared map. Code in KeyedStoreIC::StoreElementStub assumes it can check if two maps are in the same family by traversing the transition array. Long term, the "family" relationship should be recognized with the Normalized Map Cache. For now, allow the IC to remain monomorphic in this case if the receiver map and the previous receiver map are the same. Filed V8 issue 3210 (https://code.google.com/p/v8/issues/detail?id=3210) to track the issue with the Normalized Map Cache. BUG=350884 LOG=N R=verwaest@chromium.org Review URL: https://codereview.chromium.org/194623005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 13:35:40 +00:00
jkummerow@chromium.org	105c1e08b7	Fix HIsSmiAndBranch::KnownSuccessorBlock() by deleting it Constants can still change their representation, so we cannot determine reachability of blocks based on their Smi-ness BUG=chromium:351320 LOG=y R=yangguo@chromium.org Review URL: https://codereview.chromium.org/196943002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19836 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 10:14:29 +00:00
danno@chromium.org	ae1669b501	Fix handling of polymorphic array accesses with constant index R=jkummerow@chromium.org BUG=chromium:351319 LOG=Y Review URL: https://codereview.chromium.org/196353004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 10:11:38 +00:00
jkummerow@chromium.org	8a1812f252	Fix lazy deopt after tagged binary ops Also add policing code to ensure that optimized frames can in fact lazily deopt at their respective current PC when we patch them for lazy bailout. BUG=chromium:350434 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/194703008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-12 09:59:36 +00:00
dslomov@chromium.org	f6dac13dcb	Revert "Enable Object.observe by default" This reverts commit r19734 for breeaking ChromiumOS browser tests. 'OpenSpecialTypes/FileManagerBrowserTest.Test/3' started to time out, bisecting the roll led to this change. http://build.chromium.org/p/chromium.chromiumos/builders/Linux%20ChromiumOS%20Tests%20%282%29/builds/22224 TBR=rafaelw@chromium.org,rossberg@chromium.org BUG=v8:2409 LOG=Y Review URL: https://codereview.chromium.org/195123005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 18:15:44 +00:00
rossberg@chromium.org	85800eff3f	Fix issue with getOwnPropertySymbols and hidden properties When getting the symbols of an object we need to ignore the hidden properties of the prototype object since the hidden properties are represented by a single string key and we will not include that hidden string in the found names. BUG=350864 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/192883005 Patch from Erik Arvidsson <arv@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 16:46:35 +00:00
dcarney@chromium.org	62fc099334	fix bad access check check R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/195163002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 15:12:47 +00:00
rossberg@chromium.org	3f702d4bf9	Mode clean-up pt 1: rename classic/non-strict mode to sloppy mode R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/177683002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 14:39:08 +00:00
yangguo@chromium.org	6e1507331e	Fix bug in constant folding object comparisons. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/195063002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 13:34:01 +00:00
yangguo@chromium.org	dda0aa88b0	Revert "Mark mjsunit/string-case as flaky." This reverts r19760 since the issue has been fixed in r19755. R=dslomov@google.com, dslomov@chromium.org BUG=v8:3208 LOG=N Review URL: https://codereview.chromium.org/194823002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 11:38:53 +00:00
mvstanton@chromium.org	819d9f62d0	Fix for 350887: CHECK failure on new_length->IsSmi() In ElementsAccessorBase::SetLengthImpl for a dictionary array, we try to optimize setting array length if the new length is a smi. However, we refuse to set an array length to less than the index of the highest non-configurable array element. This index may be outside of smi range. Handle this case accordingly. BUG=350887 LOG=N R=dslomov@chromium.org Review URL: https://codereview.chromium.org/194803002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-11 10:30:10 +00:00
yangguo@chromium.org	1634e7de38	Fix assertion in RegExp parser to correctly expect stack overflow. Advance() always checks for stack overflow. If stack indeed overflowed, current() would hold the kEndMarker. ParseOctalLiteral does not expect this in the assertion, which causes assertion failure. R=mvstanton@chromium.org BUG=350865 LOG=N Review URL: https://codereview.chromium.org/192773002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 15:52:10 +00:00
yangguo@chromium.org	e25d51cc85	Fix constant folding of %_IsMinusZero. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/190793015 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 15:06:54 +00:00
dslomov@chromium.org	9eefbda27f	Mark mjsunit/string-case as flaky. BUG=v8:3208 LOG=N R=machenbach@chromium.org Review URL: https://codereview.chromium.org/192573004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19760 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 14:52:05 +00:00
yangguo@chromium.org	78d23e5662	Implement KnownSuccessor method to some control instructions. R=jkummerow@chromium.org BUG=v8:3118 LOG=N Review URL: https://codereview.chromium.org/174863002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 14:50:01 +00:00
verwaest@chromium.org	1180803953	Reland and fix "Allow ICs to be generated for own global proxy." BUG= R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/176793003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19756 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 12:23:05 +00:00
rossberg@chromium.org	710ee827b5	Promise.all and Promise.race should reject non-array parameter. Promise.all and Promise.race should reject the returned Promise if an invalid parameter is given. Since they don't support iterable now, they should reject the Promise if a non-array parameter is given. BUG=347453 LOG=Y R=rossberg@chromium.org Review URL: https://codereview.chromium.org/182613003 Patch from Yutaka Hirano <yhirano@chromium.org>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 12:01:06 +00:00
bmeurer@chromium.org	bf86e624d4	Reland "Handle non-power-of-2 divisors in division-like operations". Fixed the flooring div bug and added a test case. R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/191293012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-10 10:39:17 +00:00
rafaelw@chromium.org	6503dfb72b	Reland "Enable Object.observe by default" Original Issue: https://codereview.chromium.org/183683022/ TBR=rossberg BUG=v8:2409 LOG=Y Review URL: https://codereview.chromium.org/189513010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2014-03-08 04:41:06 +00:00

... 3 4 5 6 7 ...

3070 Commits